Symmetric vs. asymmetric encryption: What's the difference?

Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons.

Cryptography is the art of encrypting and decrypting data. Encryption is the process of encoding unencrypted data, or plaintext, into encrypted data, or ciphertext, to disguise the data and make it unreadable. Decryption is the method of decoding encrypted data into readable information.

Encryption algorithms, or ciphers, involve the use of a variable -- known as a key -- which makes the data unreadable. Only the person or entity with the proper decryption key is able to read the data.

The two widely used types of ciphers are symmetric and asymmetric.

What is symmetric encryption and how does it work?

Symmetric encryption, also known as secret key encryption or single-key encryption, converts plaintext into ciphertext and back using a single secret key for both encryption and decryption.

Stream and block are the two types of symmetric algorithms. Stream ciphers encrypt data 1 bit at a time, while block ciphers encrypt data divided into set lengths, or blocks.

In symmetric encryption, sender Alice encrypts her message with an agreed-upon shared key and sends the encrypted message to Bob. Bob receives the encrypted message and uses the shared key to decrypt the message.

[Figure: how symmetric encryption works. Symmetric encryption uses the same secret key to encrypt and decrypt messages.]

Symmetric encryption algorithms

There are numerous types of symmetric encryption algorithms, including the following:

Uses of symmetric encryption include payment applications, validation, and pseudorandom number generation and hashing.

Pros and cons of symmetric encryption

Here are the pros of symmetric encryption:

Cons of symmetric encryption include the following:

What is asymmetric encryption and how does it work?

Asymmetric encryption, also known as public key encryption, converts plaintext to ciphertext using two mathematically linked keys: a public key that encrypts the data, and a private key that decrypts data encrypted with that public key. The public key can be used by anyone to encrypt data. The private key, or secret key, is known only to the entity decrypting the message.

In asymmetric encryption, sender Alice encrypts her message with a public key and sends the encrypted message to Bob. Bob receives the encrypted message and uses his private key to decrypt it.

[Figure: how asymmetric encryption works. Asymmetric encryption uses a public and private key pair to encrypt and decrypt messages.]

Using two different keys provides a number of different features, the most important probably being digital signatures. Among other things, digital signatures are used to guarantee a message was created by a particular entity. Digital signatures also authenticate remote systems or users.

Asymmetric encryption algorithms

Some of the most common asymmetric encryption algorithms are the following:

Asymmetric cryptography is used in key exchange, email and web security, and cryptocurrencies, such as bitcoin.

Pros and cons of asymmetric encryption

The pros of asymmetric encryption include the following:

The cons of asymmetric encryption include the following:

Asymmetric cryptography is subject to brute-force and man-in-the-middle attacks. Plus, if attackers obtain the private key of either party, they can use it to decrypt the data sent to that party.

Cryptographic hashing

A cryptographic hash function has a somewhat different role compared to other cryptographic algorithms. It produces a value, the hash, derived from a piece of data, such as a file or a message. Any accidental or intentional change to the data changes this hash value.

A good hash algorithm makes it infeasible either to construct an input that produces a chosen hash value or to recover the original input from its hash value. Message-Digest 5, or MD5, and Secure Hash Algorithm 1 (SHA-1) were widely used hash algorithms that are now considered weak. They were deprecated in 2014 and were replaced by SHA-224, SHA-256, SHA-384 and SHA-512, collectively referred to as SHA-2. SHA-3 was released in 2015. It is composed of SHA3-224, SHA3-256, SHA3-384 and SHA3-512, as well as two extendable-output functions, SHAKE128 and SHAKE256. SHA-3 was labeled a backup standard rather than a replacement for SHA-2.

[Figure: symmetric and asymmetric algorithms and hash functions. A variety of encryption algorithms and hash functions are available.]

Symmetric vs. asymmetric: Which is better?

When choosing an encryption algorithm, it's important to consider the type of data being encrypted. High-risk or sensitive data, such as confidential customer information, needs stronger encryption than marketing plans, for example.

Performance is another key factor. Asymmetric encryption is generally slower than symmetric encryption due to the creation of two keys instead of one. The tradeoff with symmetric encryption's use of the same key, however, is multiple chances for that key to be exposed. With asymmetric encryption, the private key is never distributed and, therefore, is more secure.

As noted, symmetric and asymmetric encryption algorithms have different vulnerabilities. It is important to understand the application to match the most appropriate algorithm with the particular use case.

In many scenarios, such as SSL/TLS, both symmetric and asymmetric algorithms are used together to boost security. Because asymmetric encryption is much slower than symmetric encryption, data is typically encrypted with a symmetric algorithm, and then the comparatively short symmetric key is encrypted using asymmetric encryption. This enables the key needed to decrypt the data to be securely sent to other parties along with the symmetrically encrypted data. In another example, Secure/Multipurpose Internet Mail Extensions, or S/MIME, uses an asymmetric algorithm for nonrepudiation and a symmetric algorithm for efficient privacy and data protection.

The landscape of cryptography is constantly changing. To stay abreast of the latest developments, follow the news and recommendations from standards bodies such as NIST.
